--- /dev/null
+/*
+ * Copyright (c) 2004,2011-2012,2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+//
+// SDContext - cryptographic contexts for the security server
+//
+#include "SDContext.h"
+
+#include "SDCSPSession.h"
+#include "SDKey.h"
+#include <security_utilities/debugging.h>
+
+#define ssCryptDebug(args...) secdebug("ssCrypt", ## args)
+
+using namespace SecurityServer;
+
+//
+// SDContext
+//
+SDContext::SDContext(SDCSPSession &session)
+: mSession(session), mContext(NULL)
+{
+}
+
+void SDContext::clearOutBuf()
+{
+ if(mOutBuf.Data) {
+ mSession.free(mOutBuf.Data);
+ mOutBuf.clear();
+ }
+}
+
+void SDContext::copyOutBuf(CssmData &out)
+{
+ if(out.length() < mOutBuf.length()) {
+ CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
+ }
+ memmove(out.Data, mOutBuf.Data, mOutBuf.Length);
+ out.Length = mOutBuf.Length;
+ clearOutBuf();
+}
+
+void
+SDContext::init(const Context &context,
+ bool /* encoding */) // @@@ should be removed from API since it's already in mDirection
+{
+ mContext = &context;
+ clearOutBuf();
+}
+
+SecurityServer::ClientSession &
+SDContext::clientSession()
+{
+ return mSession.clientSession();
+}
+
+
+//
+// SDRandomContext -- Context for GenerateRandom operations
+//
+SDRandomContext::SDRandomContext(SDCSPSession &session) : SDContext(session) {}
+
+void
+SDRandomContext::init(const Context &context, bool encoding)
+{
+ SDContext::init(context, encoding);
+
+ // set/freeze output size
+ mOutSize = context.getInt(CSSM_ATTRIBUTE_OUTPUT_SIZE, CSSMERR_CSP_MISSING_ATTR_OUTPUT_SIZE);
+
+#if 0
+ // seed the PRNG (if specified)
+ if (const CssmCryptoData *seed = context.get<CssmCryptoData>(CSSM_ATTRIBUTE_SEED)) {
+ const CssmData &seedValue = (*seed)();
+ clientSession().seedRandom(seedValue);
+ }
+#endif
+}
+
+size_t
+SDRandomContext::outputSize(bool final, size_t inSize)
+{
+ return mOutSize;
+}
+
+void
+SDRandomContext::final(CssmData &out)
+{
+ clientSession().generateRandom(*mContext, out);
+}
+
+
+// signature contexts
+SDSignatureContext::SDSignatureContext(SDCSPSession &session)
+ : SDContext(session),
+ mKeyHandle(noKey),
+ mNullDigest(NULL),
+ mDigest(NULL)
+{
+ /* nothing else for now */
+}
+
+SDSignatureContext::~SDSignatureContext()
+{
+ delete mNullDigest;
+ delete mDigest;
+}
+
+void SDSignatureContext::init(const Context &context, bool signing)
+{
+ SDContext::init(context, signing);
+
+ /* reusable: skip everything except resetting digest state */
+ if((mNullDigest != NULL) || (mDigest != NULL)) {
+ if(mNullDigest != NULL) {
+ mNullDigest->digestInit();
+ }
+ return;
+ }
+
+ /* snag key from context */
+ const CssmKey &keyInContext =
+ context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY,
+ CSSMERR_CSP_MISSING_ATTR_KEY);
+ mKeyHandle = mSession.lookupKey(keyInContext).keyHandle();
+
+ /* get digest alg and sig alg from Context.algorithm */
+ switch(context.algorithm()) {
+ /*** DSA ***/
+ case CSSM_ALGID_SHA1WithDSA:
+ mDigestAlg = CSSM_ALGID_SHA1;
+ mSigAlg = CSSM_ALGID_DSA;
+ break;
+ case CSSM_ALGID_DSA: // Raw
+ mDigestAlg = CSSM_ALGID_NONE;
+ mSigAlg = CSSM_ALGID_DSA;
+ break;
+ /*** RSA ***/
+ case CSSM_ALGID_SHA1WithRSA:
+ mDigestAlg = CSSM_ALGID_SHA1;
+ mSigAlg = CSSM_ALGID_RSA;
+ break;
+ case CSSM_ALGID_MD5WithRSA:
+ mDigestAlg = CSSM_ALGID_MD5;
+ mSigAlg = CSSM_ALGID_RSA;
+ break;
+ case CSSM_ALGID_MD2WithRSA:
+ mDigestAlg = CSSM_ALGID_MD2;
+ mSigAlg = CSSM_ALGID_RSA;
+ break;
+ case CSSM_ALGID_RSA: // Raw
+ mDigestAlg = CSSM_ALGID_NONE;
+ mSigAlg = CSSM_ALGID_RSA;
+ break;
+ /*** FEE ***/
+ case CSSM_ALGID_FEE_SHA1:
+ mDigestAlg = CSSM_ALGID_SHA1;
+ mSigAlg = CSSM_ALGID_FEE;
+ break;
+ case CSSM_ALGID_FEE_MD5:
+ mDigestAlg = CSSM_ALGID_MD5;
+ mSigAlg = CSSM_ALGID_FEE;
+ break;
+ case CSSM_ALGID_FEE: // Raw
+ mDigestAlg = CSSM_ALGID_NONE;
+ mSigAlg = CSSM_ALGID_FEE;
+ break;
+ /*** ECDSA ***/
+ case CSSM_ALGID_SHA1WithECDSA:
+ mDigestAlg = CSSM_ALGID_SHA1;
+ mSigAlg = CSSM_ALGID_ECDSA;
+ break;
+ case CSSM_ALGID_SHA224WithECDSA:
+ mDigestAlg = CSSM_ALGID_SHA224;
+ mSigAlg = CSSM_ALGID_ECDSA;
+ break;
+ case CSSM_ALGID_SHA256WithECDSA:
+ mDigestAlg = CSSM_ALGID_SHA256;
+ mSigAlg = CSSM_ALGID_ECDSA;
+ break;
+ case CSSM_ALGID_SHA384WithECDSA:
+ mDigestAlg = CSSM_ALGID_SHA384;
+ mSigAlg = CSSM_ALGID_ECDSA;
+ break;
+ case CSSM_ALGID_SHA512WithECDSA:
+ mDigestAlg = CSSM_ALGID_SHA512;
+ mSigAlg = CSSM_ALGID_ECDSA;
+ break;
+ case CSSM_ALGID_ECDSA: // Raw
+ mDigestAlg = CSSM_ALGID_NONE;
+ mSigAlg = CSSM_ALGID_ECDSA;
+ break;
+ default:
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+ }
+
+ /* set up mNullDigest or mDigest */
+ if(mDigestAlg == CSSM_ALGID_NONE) {
+ mNullDigest = new NullDigest();
+ }
+ else {
+ mDigest = new CssmClient::Digest(mSession.mRawCsp, mDigestAlg);
+ }
+}
+
+/*
+ * for raw sign/verify - optionally called after init.
+ * Note that in init (in this case), we set mDigestAlg to ALGID_NONE and set up
+ * a NullDigest. We now overwrite mDigestAlg, and we'll useĆthis
+ * new value when we do the actual sign/vfy.
+ */
+void SDSignatureContext::setDigestAlgorithm(CSSM_ALGORITHMS digestAlg)
+{
+ mDigestAlg = digestAlg;
+}
+
+void SDSignatureContext::update(const CssmData &data)
+{
+ /* Note that for this context, we really can not deal with an out-of-sequence
+ * update --> final(true, 0) --> update since we lose the pending digest state
+ * when we perform the implied final() during outputSize(true, 0). */
+ assert(mOutBuf.Data == NULL);
+
+ /* add incoming data to digest or accumulator */
+ if(mNullDigest) {
+ mNullDigest->digestUpdate(data.data(), data.length());
+ }
+ else {
+ mDigest->digest(data);
+ }
+}
+
+size_t SDSignatureContext::outputSize(bool final, size_t inSize)
+{
+ if(!final) {
+ ssCryptDebug("===sig outputSize !final\n");
+ return 0;
+ }
+ if(!encoding()) {
+ ssCryptDebug("===sig outputSize final, !encoding\n");
+ /* don't see why this is even called... */
+ return 0;
+ }
+ if(inSize == 0) {
+ /*
+ * This is the implied signal to go for it. Note that in this case,
+ * we can not go back and re-do the op in case of an unexpected
+ * sequence of update/outputSize(final, 0)/final - we lose the digest
+ * state. Perhaps we should save the digest...? But still it would
+ * be impossible to do another update.
+ */
+ clearOutBuf();
+ sign(mOutBuf);
+ ssCryptDebug("===sig outputSize(pre-op) %u", (unsigned)mOutBuf.Length);
+ return (size_t)mOutBuf.Length;
+ }
+ else {
+ /* out-of-band case, ask CSP via SS */
+ uint32 outSize = clientSession().getOutputSize(*mContext,
+ mKeyHandle,
+ /* FIXME - what to use for inSize here - we don't want to
+ * interrogate mDigest, as that would result in another RPC...
+ * and signature size is not related to input size...right? */
+ (uint32)inSize,
+ true);
+ ssCryptDebug("===sig outputSize(RPC) %u", (unsigned)outSize);
+ return (size_t)outSize;
+ }
+}
+
+/* sign */
+
+/* first the common routine shared by final and outputSize */
+void SDSignatureContext::sign(CssmData &sig)
+{
+ /* we have to pass down a modified Context, thus.... */
+ Context tempContext = *mContext;
+ tempContext.AlgorithmType = mSigAlg;
+
+ if(mNullDigest) {
+ CssmData dData(const_cast<void *>(mNullDigest->digestPtr()),
+ mNullDigest->digestSizeInBytes());
+ clientSession().generateSignature(tempContext,
+ mKeyHandle,
+ dData,
+ sig,
+ mDigestAlg);
+ }
+ else {
+ CssmAutoData d (mDigest->allocator ());
+ d.set((*mDigest) ());
+
+ clientSession().generateSignature(tempContext,
+ mKeyHandle,
+ d,
+ sig,
+ mDigestAlg);
+ }
+}
+
+/* this is the one called by CSPFullPluginSession */
+void SDSignatureContext::final(CssmData &sig)
+{
+ if(mOutBuf.Data) {
+ /* normal final case in which the actual RPC via SS was done in the
+ * previous outputSize() call. */
+ ssCryptDebug("===final via pre-op and copy");
+ copyOutBuf(sig);
+ return;
+ }
+
+ ssCryptDebug("===final via RPC");
+ sign(sig);
+}
+
+/* verify */
+void
+SDSignatureContext::final(const CssmData &sig)
+{
+ /* we have to pass down a modified Context, thus.... */
+ Context tempContext = *mContext;
+ tempContext.AlgorithmType = mSigAlg;
+
+ if(mNullDigest) {
+ CssmData dData(const_cast<void *>(mNullDigest->digestPtr()),
+ mNullDigest->digestSizeInBytes());
+ clientSession().verifySignature(tempContext,
+ mKeyHandle,
+ dData,
+ sig,
+ mDigestAlg);
+ }
+ else {
+ clientSession().verifySignature(tempContext,
+ mKeyHandle,
+ (*mDigest)(),
+ sig,
+ mDigestAlg);
+ }
+}
+
+
+//
+// SDCryptContext -- Context for Encrypt and Decrypt operations
+//
+SDCryptContext::SDCryptContext(SDCSPSession &session)
+ : SDContext(session), mKeyHandle(noKey)
+{
+ /* nothing for now */
+}
+
+
+SDCryptContext::~SDCryptContext()
+{
+ /* nothing for now */
+}
+
+void
+SDCryptContext::init(const Context &context, bool encoding)
+{
+ ssCryptDebug("===init");
+ SDContext::init(context, encoding);
+
+ /* reusable; reset accumulator */
+ mNullDigest.digestInit();
+
+ const CssmKey &keyInContext =
+ context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY,
+ CSSMERR_CSP_MISSING_ATTR_KEY);
+ mKeyHandle = mSession.lookupKey(keyInContext).keyHandle();
+}
+
+size_t
+SDCryptContext::inputSize(size_t outSize)
+{
+ ssCryptDebug("===inputSize outSize=%u", (unsigned)outSize);
+ return UINT_MAX;
+}
+
+size_t
+SDCryptContext::outputSize(bool final, size_t inSize)
+{
+ ssCryptDebug("===outputSize final %d inSize=%u", final, (unsigned)inSize);
+ if(!final) {
+ /* we buffer until final; no intermediate output */
+ return 0;
+ }
+ size_t inBufSize = mNullDigest.digestSizeInBytes();
+ if(inSize == 0) {
+ /* This is the implied signal to go for it */
+ clearOutBuf();
+ if(inBufSize == 0) {
+ return 0;
+ }
+ const CssmData in(const_cast<void *>(mNullDigest.digestPtr()), inBufSize);
+ if (encoding()) {
+ clientSession().encrypt(*mContext, mKeyHandle, in, mOutBuf);
+ }
+ else {
+ clientSession().decrypt(*mContext, mKeyHandle, in, mOutBuf);
+ }
+ /* leave the accumulator as is in case of unexpected sequence */
+ ssCryptDebug(" ===outSize(pre-op) %u", (unsigned)mOutBuf.Length);
+ return mOutBuf.Length;
+ }
+ else {
+ /* out-of-band case, ask CSP via SS */
+ uint32 outSize = clientSession().getOutputSize(*mContext,
+ mKeyHandle,
+ (uint32)(inBufSize + inSize),
+ encoding());
+ ssCryptDebug(" ===outSize(RPC) %u", (unsigned)outSize);
+ return (size_t)outSize;
+ }
+}
+
+void
+SDCryptContext::minimumProgress(size_t &in, size_t &out)
+{
+ in = 1;
+ out = 0;
+}
+
+void
+SDCryptContext::update(void *inp, size_t &inSize, void *outp, size_t &outSize)
+{
+ ssCryptDebug("===update inSize=%u", (unsigned)inSize);
+ /* add incoming data to accumulator */
+ mNullDigest.digestUpdate(inp, inSize);
+ outSize = 0;
+ clearOutBuf();
+}
+
+void
+SDCryptContext::final(CssmData &out)
+{
+ if(mOutBuf.Data != NULL) {
+ /* normal final case in which the actual RPC via SS was done in the
+ * previous outputSize() call. A memcpy is needed here because
+ * CSPFullPluginSession has just allocated the buf size we need. */
+ ssCryptDebug("===final via pre-op and copy");
+ copyOutBuf(out);
+ return;
+ }
+
+ /* when is this path taken...? */
+ ssCryptDebug("===final via RPC");
+ size_t inSize = mNullDigest.digestSizeInBytes();
+ if(!inSize) return;
+
+ const CssmData in(const_cast<void *>(mNullDigest.digestPtr()), inSize);
+ IFDEBUG(size_t origOutSize = out.length());
+ if (encoding()) {
+ clientSession().encrypt(*mContext, mKeyHandle, in, out);
+ }
+ else {
+ clientSession().decrypt(*mContext, mKeyHandle, in, out);
+ }
+ assert(out.length() <= origOutSize);
+ mNullDigest.digestInit();
+}
+
+// Digest, using raw CSP
+SDDigestContext::SDDigestContext(SDCSPSession &session)
+ : SDContext(session), mDigest(NULL)
+{
+
+}
+
+SDDigestContext::~SDDigestContext()
+{
+ delete mDigest;
+}
+
+void SDDigestContext::init(const Context &context, bool encoding)
+{
+ CSSM_ALGORITHMS alg;
+
+ SDContext::init(context, encoding);
+ alg = context.algorithm();
+ mDigest = new CssmClient::Digest(mSession.mRawCsp, alg);
+}
+
+void SDDigestContext::update(const CssmData &data)
+{
+ mDigest->digest(data);
+}
+
+void SDDigestContext::final(CssmData &out)
+{
+ (*mDigest)(out);
+}
+
+size_t SDDigestContext::outputSize(bool final, size_t inSize)
+{
+ if(!final) {
+ return 0;
+ }
+ else {
+ return (size_t)mDigest->getOutputSize((uint32)inSize);
+ }
+}
+
+// MACContext - common class for MAC generate, verify
+SDMACContext::SDMACContext(SDCSPSession &session)
+ : SDContext(session), mKeyHandle(noKey)
+{
+
+}
+
+void SDMACContext::init(const Context &context, bool encoding)
+{
+ SDContext::init(context, encoding);
+
+ /* reusable; reset accumulator */
+ mNullDigest.digestInit();
+
+ /* snag key from context */
+ const CssmKey &keyInContext =
+ context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY,
+ CSSMERR_CSP_MISSING_ATTR_KEY);
+ mKeyHandle = mSession.lookupKey(keyInContext).keyHandle();
+}
+
+void SDMACContext::update(const CssmData &data)
+{
+ /* add incoming data to accumulator */
+ mNullDigest.digestUpdate(data.data(), data.length());
+}
+
+size_t SDMACContext::outputSize(bool final, size_t inSize)
+{
+ if(!final) {
+ ssCryptDebug("===mac outputSize !final\n");
+ return 0;
+ }
+ if(!encoding()) {
+ ssCryptDebug("===mac outputSize final, !encoding\n");
+ /* don't see why this is even called... */
+ return 0;
+ }
+ if(inSize == 0) {
+ /*
+ * This is the implied signal to go for it.
+ */
+ clearOutBuf();
+ genMac(mOutBuf);
+ ssCryptDebug("===mac outputSize(pre-op) %u", (unsigned)mOutBuf.Length);
+ return (size_t)mOutBuf.Length;
+ }
+ else {
+ /* out-of-band case, ask CSP via SS */
+ uint32 outSize = clientSession().getOutputSize(*mContext,
+ mKeyHandle,
+ (uint32)(inSize + mNullDigest.digestSizeInBytes()),
+ true);
+ ssCryptDebug("===mac outputSize(RPC) %u", (unsigned)outSize);
+ return (size_t)outSize;
+ }
+}
+
+/* generate */
+
+/* first the common routine used by final() and outputSize() */
+void SDMACContext::genMac(CssmData &mac)
+{
+ CssmData allData(const_cast<void *>(mNullDigest.digestPtr()),
+ mNullDigest.digestSizeInBytes());
+ clientSession().generateMac(*mContext, mKeyHandle, allData, mac);
+}
+
+void SDMACContext::final(CssmData &mac)
+{
+ genMac(mac);
+}
+
+/* verify */
+void SDMACContext::final(const CssmData &mac)
+{
+ CssmData allData(const_cast<void *>(mNullDigest.digestPtr()),
+ mNullDigest.digestSizeInBytes());
+ clientSession().verifyMac(*mContext, mKeyHandle, allData, mac);
+}
projects / apple / security.git / blobdiff